[hipl-users] SHA1 version

  • From: Daniel Migault <mglt.biz@xxxxxxxxx>
  • To: hipl-users@xxxxxxxxxxxxx
  • Date: Tue, 15 Jun 2010 18:31:49 +0200

Hi,

RFC5201 and RFC5202 mention the use of SHA1, and RFC 5202, in section 3.3.5
(Supported Transforms), mentions:

 "All HIP implementations MUST support AES-CBC [RFC3602] and
HMAC-SHA-1-96 [RFC2404]."

Can you confirm that all SHA1 of RFC5201 and RFC5202 MUST be
understood as SHA1-96, or is that the way you implemented it in HIPL?
-- I am just upset since I had in mind that SHA1 is by default
SHA1-160.

As such, the default parameters for HIPL seem to me to be:
DH       | 1536-bit MODP Group      |
ESP_ENCR | AES-CBC with HMAC-SHA1   |
         | 3DES-CBC with HMAC-SHA1  |
         | NULL with HMAC-SHA1      |
ID       | RSA                      |

How can you configure I1 with HIP_TRANSFORM or ESP_TRANSFORM?
ESP_ENCR        ENCR_NULL       
ESP_AUTH        HMAC_SHA1_96

Regards,

Daniel

-- 
Daniel Migault
Orange Labs / Security Lab
+33 (0) 1 45 29 60 52
+33 (0) 6 70 72 69 58
